Macs under attack from growing malware threat

Mac users are often told that Macs don’t get viruses and they don’t need antivirus software. That is misleading and unhelpful advice, especially as Macs are once again under threat, this time from ransomware.

A computer virus is a specific type of malicious program and it can infect your computer, spread throughout your software, operating system and disk drive, replicate itself, and spread automatically to other computers.

It is true that viruses are extremely rare on the Apple Mac and you don’t need antivirus software, but focusing on one specific type of threat makes people believe that their computer is invulnerable to all types of threat. It is not.

There are viruses, Trojans, worms, RATs, spyware, adware and many more types of malicious programs that can infect your computer. It is best to forget trying to classify the actual threat and just group everything under the umbrella term of malware.

Macs get malware. Let’s not argue what type of malware because it is pointless. All types are bad and you don’t want any type on your computer.

We often talk about antivirus software and this is a category of software that dates back to the days when, on Windows computers, you had separate programs for each type of threat. You had an antivirus program, you had an antispyware program, you had a rootkit scanner, you had an adware tool, and so on. One specific tool for each type of threat.

Antivirus programs no longer exist and modern security software scans for many different types of malware, including viruses, Trojans, worms, RATs, adware, spyware, PUPs and so on. PUPs, potentially unwanted programs, exist in a sort of grey area between malware and useful applications. Most people find them undesirable and even downright irritating. They slow down the computer, get in the way of whatever you are doing, display adverts, affect your web browser and more.

Avast Mac Security

Modern antivirus software provides more than protection against viruses and it would be useful if the name was changed to antimalware. The problem is that Malwarebytes already has a product called Anti-Malware, so that confuses matters. Because Macs don’t get viruses people assume they don’t need antivirus software, not realising that the software protects against other types of threat, too.

Macs get malware and to combat this you need a malware scanner. Preferably a real-time scanner that actively checks for threats 24-7 rather than a clean-up tool that you run after being infected to remove the malware. Real-time protection will check every app you run before you run it or when it is written to the disk. That means it never gets to infect the computer. Provided it is detected of course.

KeRanger ransomware

In the past few days a new threat to Mac security has come to light: Palo Alto Networks discovered that the Transmission BitTorrent installer for the Apple Mac was infected with ransomware. It has been named KeRanger and is thought to be the first fully operational ransomware for OS X.

Ransomware is common on Windows and what happens is that the malware encrypts the contents of the disk drive so that you cannot access any of your files. It then demands that you pay a fee to decrypt the disk. Now there is ransomware for the Mac and if it gets on your system and encrypts your files it will cost you one bitcoin to decrypt them.

One Bitcoin might not sound like much if you are not familiar with this digital currency, but it is actually more than $400 (exchange rates rise and fall, so it could be more or less than this).

The developers of the Transmission BitTorrent app are victims too. It is an open source app for OS X and is available for download from the Transmission website. Somehow the download of version 2.90 for OS X was replaced by an infected version. It is not known how this happened, but one possibility is that the website was hacked.

Anyone that downloaded and installed v2.90 of Transmission was infected with the ransomware. It does nothing for three days and then it begins encrypting files on the disk. When all your files are scrambled it then demands payment or else you’ll never be able to access them again.

Notice on the Transmission website

Apple’s Gatekeeper security is designed to prevent rogue applications from being installed and run, but in this case the infected software had a valid Mac app development certificate and so Gatekeeper allowed it to run. Apple has since revoked the certificate and made the appropriate security changes to block this malware, but for some people it is too late.

Would Mac security software have prevented this from infecting your Mac? I don’t know. Security software isn’t so good at detecting unknown threats and usually it reacts to threats being discovered. Once a threat is detected, an update to the security software is pushed out and then you are protected. Let’s hope that Mac security software is monitoring Mac threats like this and is protecting us.

Do you need antivirus software for your Mac? No. Do you need anti-malware software? Yes. Make sure you get real-time protection though and not just a clean-up tool that works after being infected.